The fact images on writable drives produce standard writable file system partitions is currently ignored

When an Archiso-generated ISO is put on an USB drive the non-rockridge partitions (i.e. the EFI system partition) become writable, but we currently don't leverage this fact at all.

Being able to have extra standard partitions brings many advantages, among others:

an untamperable area to be used to load kernel or store signatures (so reducing physical attacks surface to boot loader;
persistent storage (!268 (closed)) on an optional (non-FAT) partition on the ISO file to be used as persistent storage;

such partition can be set at build time (added in mkarchiso) or run time (dynamic, added through a systemd service);

size should be proportional to root file system size;

if the dongle buildmode and the root file system encryption options are enabled, then partition should be a raid and should span over both devices.

Testing

Code to easily add arbitrary volumes has been added to my archiso branches and is enabled in archlinux-desktop (AUR).

Related MR

Edited Jul 27, 2023 by Tallero Tallero

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

Admin message

The fact images on writable drives produce standard writable file system partitions is currently ignored

Testing

Related MR